Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.2:Test
pidgin
pidgin-CVE-2013-0272.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File pidgin-CVE-2013-0272.patch of Package pidgin
# HG changeset patch # User Mark Doliner <mark@kingant.net> # Date 1360573770 28800 # Node ID 879db2a9a59c5f0bd1007fd89271092932315a65 # Parent a8aef1d340f2b2430321533cef87f5289968fa91 Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. This is CVE-2013-0272. The problem was detected by Coverity static analysis, and Daniel Atallah brought it to everyone's attention and got us to fix it. diff --git a/libpurple/protocols/mxit/http.c b/libpurple/protocols/mxit/http.c --- a/libpurple/protocols/mxit/http.c +++ b/libpurple/protocols/mxit/http.c @@ -116,11 +116,12 @@ buflen = session->rx_i; /* read bytes from the socket */ - len = read( session->fd, buf + buflen, sizeof( buf ) - buflen ); + len = read( session->fd, buf + buflen, sizeof( buf ) - ( buflen + 1 ) ); if ( len <= 0 ) { /* connection has been terminated, or error occurred */ goto done; } + buf[buflen+len] = '\0'; //nextpacket: @@ -181,7 +182,11 @@ g_free( tmp ); tmp = NULL; - if ( buflen > ( ( body - buf ) + bodylen ) ) { + if ( buflen + bodylen >= CP_MAX_PACKET ) { + /* this packet is way to big */ + goto done; + } + else if ( buflen > ( ( body - buf ) + bodylen ) ) { /* we have a second packet here */ next = body + bodylen; session->rx_res = 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor